Secure identification of execution contexts

摘要

A virtual-machine-based system that identifies an application or process in a virtual machine in order to locate resources associated with the identified application. Access to the located resources is then controlled based on a context of the identified application. Those applications without the necessary context will have a different view of the resource.

主权项

1. In a computer system comprising a virtual machine monitor (VMM) running on system hardware and supporting a virtual machine (VM), a method of establishing an identity of a first execution context running in the VM comprising:
providing a shim program in a virtual address space of the first execution context; the shim program, upon initialization, associating a first page, having a first page address, with the first execution context and passing the first page address to the VMM; the VMM, upon receipt of the first page address from the shim program, assigning a unique address space identifier (ASID) for the first execution context, generating a second identifier value and writing the second identifier value and the ASID at the first page address; and the VMM returning the ASID to the shim program.